ArtioSEF Hacks Joomla! MetaData in Shameless Self-Promotion Scandal

By shadyjoomlabuffoonery

It has been brought to our attention that ArtioSEF hacks Joomla’s Generator metadata, shamelessly appending links to generate self promotion and advertising revenue.

This is exactly the kind of Shady Buffoonery that we seek to expose.

This is achieved by the following line of code on 415 of administrator/components/com_sef/sef.class.php:

eval(base64_decode('JHNlZkRpckFkbWluID0gJEdMT0JBTFNbJ21vc0NvbmZpZ19hYnNvbHV0ZV9wYXRoJ10uJy9hZG1pbmlzdHJhdG9yL2NvbXBvbmVudHMvY29tX3NlZi8nOwovLyBsb2FkIGNoZWNrc3VtcwokbGljZW5zZSAgPSB0cmltKEBmaWxlX2dldF9jb250ZW50cygkc2VmRGlyQWRtaW4uJ3NpZ25hdHVyZS5iNjQnKSk7CiRjaGVja3N1bSA9IHRyaW0oQGZpbGVfZ2V0X2NvbnRlbnRzKCRzZWZEaXJBZG1pbi4nY2hlY2tzdW0ubWQ1JykpOwokY2hlY2tzdHIgPSAnJzsKZ2xvYmFsICRzZWZDaGVja0E7CiRzZWZDaGVja0FbM10gPSAkc2VmQ2hlY2tBWzJdID0gJHNlZkNoZWNrQVsxXSA9ICRzZWZDaGVja0FbMF0gPSAnJzsKJHNlZkNoZWNrQSA9IGV4cGxvZGUoJy0nLCAkbGljZW5zZSk7CmZvcmVhY2ggKCRzZWZDaGVja0EgYXMgJGlkID0+ICRjaGVja3BhcnQpIHsKJHNlZkNoZWNrQVskaWRdID0gYmFzZTY0X2RlY29kZSgkY2hlY2twYXJ0KTsKJGNoZWNrc3RyIC49ICRzZWZDaGVja0FbJGlkXTsKfQ0gICAgICAgICR0aGlzLT5lbmFibGVkICY9ICgkY2hlY2tzdW0gPT0gbWQ1KCRjaGVja3N0cikpOwpmdW5jdGlvbiB4bWxQYXJzaW5nKCRwYXRoLCAkYmFzZSwgJGluZGV4LCAkb3B0aW9uKQp7Cmdsb2JhbCAkX1ZFUlNJT04sICRzZWZDaGVja0E7CmlmICgoJHBhdGggPT0gJGJhc2UpCnx8ICgkcGF0aCA9PSAoJGJhc2UuJGluZGV4KSkKfHwgKEAkb3B0aW9uID09ICdjb21fZnJvbnRwYWdlJykpIHsKLy8gZnJvbnRwYWdlIGNvZGUKJF9WRVJTSU9OLT5VUkwgLj0gJHNlZkNoZWNrQVswXTsKJF9WRVJTSU9OLT5DT1BZUklHSFQgLj0gJHNlZkNoZWNrQVsxXTsKfQplbHNlIHsKLy8gb3RoZXIgcGFnZSBjb2RlCiRfVkVSU0lPTi0+VVJMIC49ICRzZWZDaGVja0FbMl07CiRfVkVSU0lPTi0+Q09QWVJJR0hUIC49ICRzZWZDaGVja0FbM107Cn0KfQpmdW5jdGlvbiBpbmNsdWRlU2VmKCRvbmNlID0gZmFsc2UpCnsKZ2xvYmFsICRtb3NDb25maWdfYWJzb2x1dGVfcGF0aCwgJHNlZkNoZWNrQTsKc3RhdGljICRmaXJzdCA9IHRydWU7CmlmKCAkb25jZSAmJiAhJGZpcnN0ICkgIHJldHVybjsKJHR4dCA9IGZpbGVfZ2V0X2NvbnRlbnRzKCRtb3NDb25maWdfYWJzb2x1dGVfcGF0aC4nL2NvbXBvbmVudHMvY29tX3NlZi9zZWZfZXh0LnBocCcpOwppZihzdWJzdHIoJHR4dCwgMCwgNSkgIT0gJzw/cGhwJykgewokdHh0ID0gYmFzZTY0X2VuY29kZSgkdHh0KTsKJHR4dCA9ICRzZWZDaGVja0FbNF0uJHR4dDsKJGRldHh0ID0gYmFzZTY0X2RlY29kZSgkdHh0KTsKJGRldHh0ID0gc3Vic3RyKCRkZXR4dCwgMiwgLTIpOwpldmFsKCRkZXR4dCk7Cn0gZWxzZSB7CmlmKCAkb25jZSApIHsKaW5jbHVkZV9vbmNlKCRtb3NDb25maWdfYWJzb2x1dGVfcGF0aC4nL2NvbXBvbmVudHMvY29tX3NlZi9zZWZfZXh0LnBocCcpOwp9IGVsc2UgewppbmNsdWRlKCRtb3NDb25maWdfYWJzb2x1dGVfcGF0aC4nL2NvbXBvbmVudHMvY29tX3NlZi9zZWZfZXh0LnBocCcpOwp9Cn0KJGZpcnN0ID0gZmFsc2U7Cn0='));

To fix, replace this evil line of code with the following:

        function xmlParsing($path, $base, $index, $option) {
            return;
        }

        function includeSef($once = false) {
            global $mosConfig_absolute_path, $sefCheckA;
            static $first = true;
            if( $once && !$first )  return;
            if( $once ) {
                include_once($mosConfig_absolute_path.'/components/com_sef/sef_ext.php');
            } else {
                include($mosConfig_absolute_path.'/components/com_sef/sef_ext.php');
            }
            $first = false;
        }

Tags: , , , , , , , , , ,

This entry was posted on April 14, 2008 at 2:10 pm and is filed under Components. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

5 Responses to “ArtioSEF Hacks Joomla! MetaData in Shameless Self-Promotion Scandal”

  1. shadyjoomlabuffoonery Says:
    April 14, 2008 at 2:31 pm

    Fix posted to Joomla! forums: http://forum.joomla.org/viewtopic.php?t=121637

  2. kismert Says:
    April 23, 2008 at 4:06 am

    On some versions of sef.class.php, the offending line is around 385. Search for ‘base64_decode’ and you can’t miss it!

    After looking at the eval’d code, this fix looks like the best solution, because certain links are hard-coded.

    Other links and meta-tag data are kept in:
    /administrator/components/com_sef/signature.b64
    This is a base-64 encoded file whose only purpose is to push ads.

    But, you can’t just delete signature.b64, because it’s MD5 value is checked against the one in:
    /administrator/components/com_sef/checksum.md5

    But, finding the proper MD5 value for signature.b64 requires reading the eval’d code around line 385-415.

    So, it’s best just to follow the fix outlined above.

  3. kismert Says:
    April 23, 2008 at 4:16 am

    This holds for JoomSEF versions 2.2.3 – 2.2.6. Older versions may have the problem, but the fix may be different.

  4. Danny Says:
    May 23, 2008 at 9:16 pm

    Does it apply to artio 3.0.2? I mean, I already hacked class.php, but how can I check that out. You have an installed Joomla with hacked Artio. on my demo website.

  5. warper Says:
    October 14, 2008 at 1:20 am

    For JoomSEF 2.3.0 just search for triggerEnabled() function and edit it

Leave a Reply